CISSP Cyber Training Podcast - CISSP Training Program

CCT 270: CISSP Rapid Review Exam Prep - Domain 3 (Part 2)

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur Season 3 Episode 270


Check us out at:  https://www.cisspcybertraining.com/

Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout

Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv

A sophisticated banking network breach using tiny Raspberry Pi devices sets the stage for our comprehensive examination of CISSP Domain 3 Security Architecture fundamentals. The attack—which gave hackers persistent remote access to ATM systems—demonstrates how physical security failures can lead to devastating network compromises, perfectly illustrating why Domain 3's holistic approach to security is critical in modern environments.

We systematically explore the security requirements for diverse system architectures—from traditional client-server setups to cutting-edge containerization and serverless deployments. You'll gain clarity on why different systems demand specialized protection strategies: how industrial control systems prioritize availability over confidentiality, why cloud environments operate under shared responsibility models, and what makes IoT devices particularly vulnerable to compromise.

The cryptographic section demystifies key management practices, explaining why even mathematically sound algorithms fail when implementation is flawed. We break down symmetric versus asymmetric encryption, digital signatures, and hashing techniques essential for data integrity. More importantly, you'll understand the complete cryptographic lifecycle from generation through destruction—knowledge directly applicable to real-world security operations and exam scenarios alike.

Our detailed examination of attack methodologies covers everything from brute force attempts to sophisticated side-channel attacks that extract secrets through power consumption analysis. The physical security portion reveals why facility design, environmental controls, and power management form essential layers in your defense strategy.

Whether you're preparing for the CISSP exam or strengthening your organization's security posture, this episode delivers actionable insights into creating robust, multi-layered security architectures. Ready to build stronger defenses? Visit CISSPCyberTraining.com for free practice questions and additional resources to accelerate your cybersecurity mastery.


Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Speaker 1:

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Let's go.

Speaker 2:

Hey, I'm Shon Gerber with CISSP Cyber Training, and in today's podcast we are going to be going over the CISSP Rapid Review Exam Prep, Domain 3, Part 2. Yes, we're going to be focusing on Part 2 of the CISSP Rapid Review Exam Prep for this podcast today, so I'm pretty excited about that. Last week you had domain two, you had domain three, part one, and now we have domain three, part two. So we're going to go over those and then the ultimate goal is to provide you all the skills you need to pass the CISSP exam the first time, and this is a good way for you to do that. So let's go about the breakdown related to domain three. We're just going to reaffirm that information if you haven't already heard it. Domain three: about 13% of the CISSP questions are on domain three, and so therefore, it's a pretty substantial amount, and the amount of knowledge you have to know from domain three is pretty good. You're going to have to basically have a lot of questions on this, so having a good grasp of it is an important part, and you can get all of this content at CISSP Cyber Training. There's a lot of free resources out there. There's a lot of paid resources. But the bottom line is I want to help you pass the exam the first time. So, ultimately, go out there, find all kinds of free content; you can head to CISSP Cyber Training and get some more free content, but all of mine's curated in a one-stop shop. You don't have to go to a lot of different places to find it. It's there and available for you. It's free. You can go to it. Just sign up. Easy peasy, lemon squeezy. Okay, so quickly, before we get into this domain, we're going to go over some things that I saw in the news today. Okay, so, I've just got an affinity for ICS and OT environments, and this is going to follow suit with that. In the news today, this article comes out of Ars Technica, and this is a search of riches.

Speaker 2:

Hackers plant 4G-enabled Raspberry Pis into a bank network. So, as we all know, Raspberry Pis are very small and very, very powerful. For a little tiny piece of equipment, they can do a lot of things, and so these folks decided to install a Raspberry Pi within a banking network. Now, for this to occur, a lot of things had to happen that didn't quite work out right. So if you're in the banking space, this is a huge failure.

Speaker 2:

And somehow or another, these folks had physical access to the network facility where the banking ATM systems were placed. So what ended up happening is they have this device and it has hosted on it a tiny shell backdoor and it's able to be communicated with over mobile data, obviously, and then it creates a persistent remote connection. They were able to get access to the network switching room for this ATM environment and they plugged this rascal in there. By doing so, they had remote access to the overall ATM environment and they were able to basically do whatever they wished to do. In addition, they added some anti-forensics capabilities, more or less some masquerading pieces, and they would have the system do Linux bind mounts. It would also help add network traffic across it as well, to make it look like everything is supposed to be there. So these folks knew what they were doing when they put this system in place.

Speaker 2:

The question I have is how did they get access to the network switching room? That is not good, right? I mean, that's a huge failure. These switching rooms should have some sort of cat card capability or some sort of, I call them the beep beep capability, to be able to gain access. So physical access along with network access falls very much in line with what I used to do with the military in the red teaming. So what we talk about is why red teams are so important to have within your organization, or to at least have them come against your organization, because they can look for different places that would allow access into it. So the bottom line is that this is a really good article. It gets pretty deep into some areas around how emails would be sent out, the different types of forensics capabilities that were there specifically, and it's just an awesome read, real quick read around the OT environment.

Speaker 2:

Now I come back to say banks don't really. People will say, well, banks don't have an operational technology environment. They do, and they have IoT environments. They have all kinds of things in their networks, and this is an interesting part: the fact that most manufacturing facilities understand network segmentation very well when it comes to the overall OT space, because many of the processes we have will blow up and kill people. When it comes to the banking industry, I think they understand it, especially some of the bigger banks, but the smaller banks may not have as good a grasp on it. So it's really important if you are in one of the financial sectors and you maybe are not in a large top-tier bank, but you're maybe in a mid-tier, mid to lower tier bank, you need to be just as in tune to this information as anybody else because, realistically, you're the ones that are out there hanging out to dry. I've seen plenty of bank professionals that do really, really well in what they do, but the problem is they're wearing too many hats. And this is a good example of if you don't have good control over your network switching environment and maybe you forget to lock the door, maybe you forget to, whatever that is. A rock gets stuck in there. There's people who can gain access to your network switching and can cause you all kinds of drama, so you don't want that to happen. But again, good article from Ars Technica. It's related to the ATM switching networks and hackers planting 4G-enabled Raspberry Pis into a banking network. Okay, so let's get into what we're going to talk about today. Client-based systems.

Speaker 2:

These focus on endpoint security, protecting against malware, data loss and user-driven vulnerabilities. They require robust, I mean robust, patch management systems, and you want to make sure that they are being patched. Obviously, user awareness, training and authentication methods are an important part of all this. Server-based systems: these are centralized points of data storage and processing, making them high-value targets. Obviously, because your client-based systems are usually the first door in, but the long-term play is the servers. They demand strong hardening and you want to make sure that your servers are set up in a way that is protecting them. Database systems: the primary focus is on data confidentiality, integrity and availability, and it requires access controls with obviously least privilege, encryption whether data is at rest, and then regular backups and auditing of these data sources forms. Cryptographic systems.

Speaker 2:

These systems rely heavily on the strength of the algorithms and the proper key management. Having good key management is an imperative part of any sort of cryptographic system. Vulnerabilities often stem from weak generation or poor key storage or potentially incorrect protocol usage, rather than the algorithm's flaws itself. Most problems with these algorithms, these have been around for a while. They're bulletproof; it's the fact that people just don't configure them correctly. Okay, continuing with 3.5.

Speaker 2:

Industrial control systems. You need to prioritize safety and availability over confidentiality. Often operating in real-time environments, these face unique challenges due to legacy systems, because they are challenging, and specialized protocols. Convergence with IT networks, incorporating ICS and IT, can be a bit of a challenge. We talk more about that in CISSP Cyber Training and overall in my course that I taught in Industrial Controls. Cloud-based systems: these operate under a shared responsibility model where security duties are divided between the cloud provider and the customer. Again, the cloud provider will provide some of this, but a lot of times it's up to the customer, and if you don't know how to protect the cloud environment, you could be in trouble. These require careful consideration of data governance, compliance, vendor lock-in and secure configurations in the cloud. We talked about configurations as an important part and you need to have a good plan when you're dealing with any sort of cloud infrastructure.

Speaker 2:

Distributed systems: this is composed of multiple independent components communicating over a network, increasing complexity and attack surface. Now, again, when you have distributed systems, you've got to understand how do they communicate, what is the data consistency between these, and then overall, managing these decentralized identities for these systems. Internet of Things (IoT): this is characterized by a vast number and a very diverse group of systems that really basically have a huge, massive attack surface, because everything can be IoT, from the Echos that you have in your house to your sensors that are determining your temperature within some other buildings. All that stuff is part of an IoT network. Common issues include weak default credentials, unpatchable firmware, insecure comms and privacy concerns with these systems. Again, you can buy it off of Amazon and get yourself a great product, put it in place and you're running, but you don't know what kind of vulnerabilities you just incurred.

Speaker 2:

Microservices: this is an architectural style where applications are built as collections of small, independently deployed services, and the security configurations shift to securing APIs, which is these interconnections between them, inter-service communications and managing the decentralized security policies. So when you deal with microservices, how are they communicating? How are they protected from a standpoint of what they're running? Basically, microservices, all it really is is, instead of having a computer running a specific script, it's just the script running itself and you don't have to have a server stood up to run that specific script. You can do that, but the services are designed to run independently. Continuing with 3.5, containerization: this packages applications and their dependencies into isolated units, or containers, that share the host OS kernel. There are key security aspects of these, including images, runtime protection, host OS hardening and the orchestrator security, obviously part of the Kubernetes clusters. Containerization is a great tool, but you need to understand it before you start implementing it within your organization, and you need to understand the security implications of doing that.

Speaker 2:

Serverless. This allows for developers to build and run applications without managing servers or abstracting infrastructure. Very similar to microservices, same kind of concept, but it's just developed on a serverless piece. Here security focuses on security functions, code and event triggers, identity and access management for functions, and managing third-party dependencies. You're going to run into a lot of third parties with serverless. A lot of third parties will do that and that's part of their SaaS offering. Embedded systems.

Speaker 2:

These are dedicated computer systems designed specifically for functions in larger mechanical or electrical systems. You'll run this in like your HVAC, all these dedicated computer systems set up specifically to run them as embedded. They're in cars, they're in appliances, they're in all kinds of things, and they often have very limited resources and they have fixed functionality, which basically means they can only do certain things, but they are in place for a long time. So many of these embedded systems still may be running Windows NT or Windows 95. I would hope not, but I think they're still out there and so, if that's the case, you may have a challenge. Just may have a small challenge.

Speaker 2:

Continuing with 3.5, high-performance computing systems (HPCs): these are designed for massive computational tasks and handling large data sets. They're the supercomputers, right. These include processing vast amounts of sensitive data, including inter-nodal communications, and managing access to powerful resources. Edge computing: this is where you process data closer to the source of the generation. We would do edge computing in the industrial control environments because they would compute it at the facilities and not go to the cloud.

Speaker 2:

There are security challenges involved in securing distributed physical systems and managing remote updates, ensuring that there's integrity at the edge. You're maintaining these edge systems. You've got to think about them, you can't forget about them, and they're just one more way and one more vulnerability within your organization. Virtualized systems: these involve running multiple virtual instances on a single physical host managed by a hypervisor. We talked about the hypervisor a little bit ago, but hypervisor security is paramount. If you can control the hypervisor, you control the VMs and you don't want to control the VMs. What bad guys do, but you don't want. You want them to be protected in their own little enclave. Domain 3.6: assess and mitigate vulnerabilities in web-based systems.

Speaker 2:

Cryptographic life cycle: this encompasses all stages of the key, generation, distribution, storage and usage, to include revocation and destruction. This is what happens to your life, the cryptographic aspects of this, your keys, your certificates. When do they begin and when do they die? What happens to them as well? This ensures that your cryptographic assets are managed securely throughout their entire existence, from when they're birthed to when they are put in the grave. Again, that's the overall life cycle. It's an important part of any organization to understand that completely. Cryptographic methods: we've got some various things you'll hear about on the CISSP. Symmetric encryption: this is a single shared secret key for both encryption and decryption.

Speaker 2:

Asymmetric uses public key crypto, right, so you're dealing with PKI, and it uses mathematically linked keys, public and private, for encryption and decryption. That's your asymmetric. And then your elliptic curve crypto (ECC): this is a type of asymmetric cryptography that provides similar security strength with smaller key sizes, making it much more efficient, especially in the mobile space. And then, obviously, quantum, yes, the big quantum. This is where it is looking at cryptographic techniques based on quantum mechanics principles and often theoretical, air quotes, unbreakable security. One of the things around quantum is that it will crack old symmetric type encryption. We'll see how that plays out.

Speaker 2:

PKI: this is a framework of policies and standards and software that enables the use of public key crypto, and it provides a means to create, manage, distribute, use and revoke digital certificates. It's just the overall framework using these various types of cryptographic methods to ensure that you are using it in a way that is consistent throughout the organization. Key management practices: this is crucial. Again, we talked about this a little bit already, that you have these key management things in place. This includes secure generation of keys, storage, distribution, backup, recovery and destruction of the cryptographic keys, all part of the life cycle. Poor key management can be very bad and it can set you up in a situation where your organization can be taken over. So you want to have really good, strong key management, especially if you're using cloud resources as well. You're going to have a potentially different key management system for that, so you need to have a good plan in place.

Speaker 2:

Digital signatures and digital certificates. A digital signature is a cryptographic mechanism used to verify the authentication and integrity of digital messages or documents. This ensures non-repudiation. Digital certs: these are electronic documents that bind the public key to an individual or entity used by a certificate authority. Okay, so you'll get a digital certificate for your website. Those are binding that to you. Non-repudiation: this provides undeniable proof that a specific action or event has occurred and cannot be falsely denied by the sender or receiver. This often is achieved through digital signatures which link the action to the specific private key holder. Integrity: this is basically the hashing piece. Hashing is a one-way cryptographic function that takes input, obviously from the data, and produces a fixed string character or a hash value. This hashing is used to verify that the data is what it is. So if you have it hashed in one, you compare it to a hash in another. If they are the same, then your data has not been manipulated. If they are different, then you have a problem. This indicates potential tampering with your overall systems.

Speaker 2:

Domain 3.7, understanding methods of cryptanalytic attacks. Big words, sorry, big words. Okay, so we have brute force. This is an attack that attempts every possible combination of a password until the correct one is found. That's a brute force attempt. It often is mitigated by having some sort of lockout policies or multi-factor set up.

Speaker 2:

Ciphertext only: this is a cryptanalysis attack where the attacker only has access to the ciphertext and attempts to deduce the plain text or the key from the ciphertext. This is very challenging because you've got to have a lot of unknowns. Now this works really well or not really well. This will work if you do not have a good, strong encryption strategy in place. If you have a strong encryption strategy, it's pretty much darn near impossible. Known plaintext: this is a cryptanalysis attack where the attacker has access to both the cipher and the corresponding plaintext. This does allow them to analyze patterns and potentially deduce the encryption key or the algorithm. Frequency analysis: a cryptanalysis technique that exploits the non-uniform frequency of letters or symbols in a specific language. It's most effective against simple substitution ciphers and it's less so against modern, more complex encryption. Chosen ciphertext: this is a cipher analysis attack where the attacker can choose arbitrary plaintext to be encrypted and obtain corresponding ciphertext. This provides significant information to the attacker, making it a very powerful attack against certain cryptographic schemes.

Speaker 2:

Implementation attack: this exploits vulnerabilities in the implementation of crypto or the protocol, rather than the flaws in the algorithm itself, which can be challenging. It's more role after the implementation. This can include software bugs, hardware flaws and incorrect configurations. Side channel attack: these attacks extract the secret information or the cryptographic keys by observing indirect effects of the system's operation. This includes analyzing power consumption, electromagnetic emissions and acoustic signals. Again, these are getting very challenging if you want to try to do some of these. Fault injection: deliberately inducing errors or faults into the system, basically manipulating voltage or clock signals to cause it to behave unexpectedly. This can be used to bypass security mechanisms or extract secret information specifically from that. Again, all of these can be very challenging, but to the person who has time on their hands they may be doable. Continuing with 3.7, timing: a type of side channel attack that analyzes the time taken for cryptographic operations to complete. Variations in timing can reveal information about the secret key or the data being processed.

Speaker 2:

Man in the middle: this is an attack where the attacker secretly intercepts and relays communications between two parties who believe they're communicating specifically to themselves, but someone's in the middle. This allows the attacker to eavesdrop, alter or inject messages into the communication. Happens a lot with SMS texts, but man in the middle is a true attack that is out there, and people are using it quite frequently. Pass the hash: this is where the attacker will authenticate to a remote server by using underlying NTLM or LANMAN hashes, basically what the attacker's or the user's password is, rather than the plain text password itself, and they just basically impersonate the person using the hash. It's common in Windows environments where hashes are stored and used for authentication. This should be addressed and many companies should patch for this. But if it hasn't been patched, pass the hash works very well. Kerberos exploitation: these attacks target vulnerabilities in the Kerberos authentication protocol and involve ticket manipulation or brute forcing. This includes Kerberoasting, which is extracting the service principal names' hashes, and the golden ticket attacks, forging the Kerberos tickets. Very similar to what we're dealing with with pass the hash. Very similar kind of concept. Ransomware: malicious software that encrypts the victim's files and demands ransom payment, usually in crypto.

Speaker 2:

You deal with this all the time. You hear about it a lot, so obviously you probably are very well familiar with what a ransomware attack is. It often spreads via phishing emails or exploiting software vulnerabilities, causing significant operational disruption and data loss, and that's pretty much an understatement. It can cause all kinds of drama and it's very painful. Domain 3.8, we're dealing with security facility plans. This is a comprehensive document outlining the security measures, controls and procedures for physical security at a facility. This integrates physical security with logical security, considering the threats, vulnerabilities and risk tolerance of the organization. Site selection: this involves choosing a location or facility that inherently minimizes a security risk, one that you'd have it out in the middle of the desert, it's a great way. And considerations include natural disasters, susceptibility, proximity to high crime areas, utilities; all of those are an important part of a site selection. Political stability is another one. At the company we're working with, we deal with the political ramifications in other countries. Facility design: this incorporates security principles into architectural layout and construction of buildings. It aims to create layers of defenses, that would be perimeter and building shells, all those, and it's designed to deter, detect, delay and respond to the various threats.

Speaker 2:

Domain 3.9. Design site and facility security controls. Wiring closets and intermediate distribution facilities: this is where you have a secure area. This is where you'd implement physical security access, such as locked doors, card readers, alarms. All of these would contain critical network infrastructure and they're all tied together. Your environmental monitoring: this would be monitoring temperature, humidity, water leaks. All of that would be part of your intermediate distribution facilities and your wiring closets. They want to make sure that you have all of that in place to ensure that you don't have damage in those facilities and that they maintain their uptime.

Speaker 2:

Server rooms and data centers: this will employ multiple layers of defense for your data centers and your server rooms, including fencing, access controls, video surveillance, and you want to have some level of redundancy built into this, such as to maintain these servers, which is cooling, network connectivity and high availability and fault tolerance. You want to have server rooms that are set up so that, if they go down or if there's a power flux, they can continue to operate. Media storage facilities: these maintain stable temperature and humidity to prevent degradation of storage media such as tapes, discs, anything that's old school like that. They need to have heat and cold. Heat and cold will destroy these types of systems. You need to have good environmental controls established, strict access control and inventory. Again, many times this information is under legal hold and you want to ensure you have robust access controls, detailed inventory management and audit trails to track media and movement. And then evidence storage: this is to establish an unbroken chain of custody, to maintain integrity and admissibility of their digital and physical evidence, and store the evidence in secure, tamper-evident containers or locations with restricted access and continuous monitoring. Again, all those are done in your facility.

Speaker 2:

Controls, security, access controls and segregation you want to implement appropriate access controls, such as key cards and biometrics, to restrict entry to sensitive base systems. Now, clear zoning this is where you define clear security zones to separate the public, semi-public and highly restricted areas within a facility. Do you have a facility that has both where people can come in and then where people are? The public can come in and then you would have an area where maybe some people can sit and wait for them to be allowed in, and then you have an area that's restricted. I dealt a lot with this in the manufacturing space, special chemical manufacturing. There was a very controlled, staged process in this entire thing.

Speaker 2:

Utilities and heating, ventilation and air conditioning (HVAC) systems: these are physical protection. They secure utility entry points such as water, gas and electricity and HVAC systems from unauthorized access or sabotage. Again, you want to have those put in place for your HVAC systems. They are a crucial part. Many people don't believe how crucial your HVAC system is to your organization. You have environmental monitoring and alarms. This would implement sensors for temperature, humidity and airflow, and it will give you alerts if deviation could impact your equipment. It's an important part, right? If these systems go down, if they get too hot, they shut themselves down or they burn themselves up. All of those are bad, from downtime to actual physical hardware to loss of data. Environmental issues: you have water detection. Deploy water sensors in critical areas to give you immediate alerts if there is a water issue. You have this in your homes. You can put alerts on your hot water heater if it were to start to leak. Air quality and contaminants: this is where you monitor the air quality and prevent damage from dust, pollutants and corrosive gases, especially in data centers.

Speaker 2:

Fire prevention, detection and suppression. Prevention: this implements fire-resistant building materials and strict electrical safety standards on your systems themselves. Are they in tubing? Are they in some sort of metal tubing and your wires are going through conduit of some kind? Detection: using multi-zone smoke and heat detectors integrating with alarm systems. And then suppression: employing appropriate suppression systems such as pre-action sprinklers and/or gas systems for different locations, considering looking for data preservation.

Speaker 2:

Power: if you're looking for uninterruptible power supplies, or UPSs, they provide immediate short-term power during outages and allow for graceful shutdowns or generator startup. The ultimate point of a UPS is not to run the system forever. It's to allow it to shut down gracefully so it doesn't break things or give you time to get your UPS up and running. Generators offer a long-term backup power for extended outages, requiring regular testing and fuel management. Again, you have to run them frequently, these systems. If you don't run them, they break. This would be independent multiple power feeds that come in from different grids to ensure continuous power to your organization, and all of those are around design, site and facility security controls.

Speaker 2:

Thank you all again for joining me today on this podcast. If you like what you heard, head on over to your local podcast hosting like iTunes, whatever that might be, and please leave me a rating. Ratings are wonderful. People like ratings, ratings are good. So, again, head on over there. Give me a rating on what you think. Again, good, bad ugly, that's fine too. Whatever you need. If you thought it was terrible, that's fine too. But bottom line is I'm here to help provide you the information you need to pass the CISSP exam. Also, if you are interested in any of this content. It is available to you at CISSP Cyber Training.

Speaker 2:

There's a lot of free content. Again, my bronze package on my CISSP is all about giving you as much free content as I can. Everything out there, I mean, you can get it anywhere on the web. You can go to different videos, you can watch all this different stuff. But if you go to CISSP Cyber Training, I have curated free content that's available for you step by step, by step by step to help you pass the CISSP.

Speaker 2:

If you want more of a deep dive and understand what you need to do to pass the exam and really get into some of this content at more of a deeper level, and you need just maybe a little bit more depth in understanding of the content, you can get my paid resources that are out there. There's over 36 hours of content, way more than that, it's probably close to 40 now, with 1500 hours or 1500 CISSP questions. I've got deep dive topics, mentorship. I got all kinds of aspects available to you at CISSP Cyber Training. So head on over there, check it out, see what you like, and then we'll go from there.

Speaker 2:

All right, have a wonderful day and we will catch you on the flip side, see you. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes, as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube and just head to my channel at CISSP Cyber Training and you will find a plethora, or a cornucopia, of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.
